CVE-2026-29053 - Vulnerability Details - OpenCVE

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Ghost	Ghost

Configuration 1 [-]

cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x

History

Mon, 09 Mar 2026 18:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:ghost:ghost::::::node.js::*

Fri, 06 Mar 2026 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ghost Ghost ghost
Vendors & Products		Ghost Ghost ghost

Thu, 05 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 05 Mar 2026 06:00:00 +0000

Type	Values Removed	Values Added
Description		Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.
Title		Ghost Vulnerable to Remote Code Execution via Malicious Themes
Weaknesses		CWE-74
References		https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x
Metrics		cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-03-05T05:51:41.166Z

Updated: 2026-03-05T15:29:27.533Z

Reserved: 2026-03-03T17:50:11.244Z

Link: CVE-2026-29053

Vulnrichment

Updated: 2026-03-05T15:29:24.112Z

NVD

Status : Analyzed

Published: 2026-03-05T06:16:50.410

Modified: 2026-03-09T18:40:22.160

Link: CVE-2026-29053

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-29053", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-03T17:50:11.244Z", "datePublished": "2026-03-05T05:51:41.166Z", "dateUpdated": "2026-03-05T15:29:27.533Z"}, "containers": {"cna": {"title": "Ghost Vulnerable to Remote Code Execution via Malicious Themes", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x"}], "affected": [{"vendor": "TryGhost", "product": "Ghost", "versions": [{"version": ">= 0.7.2, < 6.19.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-05T05:51:41.166Z"}, "descriptions": [{"lang": "en", "value": "Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1."}], "source": {"advisory": "GHSA-cgc2-rcrh-qr5x", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T15:29:20.298955Z", "id": "CVE-2026-29053", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:29:27.533Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29053", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-05T15:29:20.298955Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:29:24.112Z"}}], "cna": {"title": "Ghost Vulnerable to Remote Code Execution via Malicious Themes", "source": {"advisory": "GHSA-cgc2-rcrh-qr5x", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "TryGhost", "product": "Ghost", "versions": [{"status": "affected", "version": ">= 0.7.2, < 6.19.1"}]}], "references": [{"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x", "name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-05T05:51:41.166Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29053", "state": "PUBLISHED", "dateUpdated": "2026-03-05T15:29:27.533Z", "dateReserved": "2026-03-03T17:50:11.244Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-05T05:51:41.166Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "624FEA3A-AF23-44E2-B6BF-26785A03B807", "versionEndExcluding": "6.19.1", "versionStartIncluding": "0.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1."}, {"lang": "es", "value": "Ghost es un sistema de gesti\u00f3n de contenido Node.js. Desde la versi\u00f3n 0.7.2 hasta la 6.19.0, temas maliciosos espec\u00edficamente dise\u00f1ados pueden ejecutar c\u00f3digo arbitrario en el servidor que ejecuta Ghost. Este problema ha sido parcheado en la versi\u00f3n 6.19.1."}], "id": "CVE-2026-29053", "lastModified": "2026-03-09T18:40:22.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-05T06:16:50.410", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Primary"}]}